My dad's computer (Windows XP SP3) is currently in something of a fix--automatic updates aren't running, and Windows makes a warning appear indicating as such every time it boots. Attempting to turn it on from the security center is futile; security center says it can't do it and recommends turning it on from the Automatic Updates program in control panel. When you open up Automatic Updates... it thinks automatic updates are on. There seems to be some sort of miscommunication between automatic updates and the rest of the computer, which makes me think "virus".

A virus scan with Malwarebytes returned a result (something along the lines of PUM.security), but we still can't turn automatic updates back on. My dad has since installed McAfee on the computer (which involved removing Malwarebytes, which is why I can't list a specific name for the infection), but it can't remove the problem either. My dad browsed the Malwarebytes forums and is convinced that the problem is a router hijacking, but no other computers are displaying symptoms.

The logs for OTL, aswMBR, and SecurityCheck are included below. Any help you have to offer is greatly appreciated.

Incidentally, is it a good idea for him to have both McAfee and Ad-Aware on the same computer like he does now? I worry that they may try and step on each other's toes a bit.

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.

Refer to this image:

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See the linked tutorial on how to do so if you are unsure.

Close any open windows and double click Belahzur.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

I hate to slow things down from the get-go, but that list of antivirus-disabling instructions doesn't have some of the programs my dad's computer uses, and I worry about what may happen if ComboFix is interrupted. His main antivirus is Ad-Aware Total Security (none of the instructions for any version of Ad-Aware match the setup for this version; in fact, the Ad-Aware tray icon has been missing since this whole episode started. Plus, if I try and Google "disable Ad-Aware Total Security" I just get a ton of results for how to disable that fake AV called Total Security). It seems that the McAfee on the machine is just the McAfee Security Scanner, which I can't make run anyway since my dad's computer lacks an internet connection at the moment (I'll try and fix that tomorrow).

Essentially, I'm worried about trying to disable these things without instruction, since I've tried to do so anyway (Ad-Aware's GDScan.exe runs on startup and slows the computer to a crawl) to no avail, and stopping combofix in the middle of a scan is, as I understand it, a very bad thing.

Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu. Once in the startup menu, select "Safe Mode with Networking", then run ComboFix. Ad-Aware won't run in Safe Mode, so it won't interfere.

and the folder it's deleted is: C:\Documents and Settings\Owner\WINDOWS

And now it seems stalled. That last line about deleting the admin's WINDOWS folder is kinda bothering me, especially since when the line showed up explorer.exe died and the computer is stalling. There's still mouse interaction (and the cursor is still blinking in combofix's prompt), but nothing else is happening.

I tried installing the windows recovery environment, but it couldn't for some reason (despite a working internet connection). Any ideas?

Quick update: 8 hours and one workday later, the computer is still exactly where it was--combofix is still showing the same exact status as before, hasn't rebooted or created C:\Combofix.txt. On the bright side, I managed to get explorer working again, so I can at least navigate the computer, albeit with a big blue combofix window up at all times. Do you think it'd be safe to reboot the computer at this point?

After rebooting, Automatic Updates are running again. Security Center verifies that there are no problems, so everything seems fine on that front.

Problem is, the computer's wireless connection isn't working now. I can't tell if it's malware-related or if it's a software issue. The computer doesn't have a wireless card, and uses a peripheral by Netgear that runs using its own application. Consequently, Windows can't give any helpful troubleshooting for it (as far as it's concerned, the wireless internet connection hasn't been configured).

The computer does get an internet connection when it's hard-wired to the router, however, which makes me think even more that it's software-related. I've taken the opportunity to update the antivirus and windows updates, so at least that's taken care of. Other than running some additional antivirus scans to make sure the system is totally clean, the wireless connection is the only remaining issue.

Thank you so much for your help, by the way!

P.S. Combofix didn't leave a .txt, though it did leave a folder in C:\ called Belahzur (what I renamed combofix) that has the My Computer icon and which opens My Computer when double clicked. Thoughts?

P.P.S. After some additional tinkering, I really think the problem with the wireless is that the Netgear program isn't running. No matter how many times I try to run it manually, it never starts up. It shows up in the task manager (and if you try and run the program several times, several instances will appear), but the program never properly starts up. No program, no wireless--that's my thinking.

Closing the program through the task manager and then rerunning it doesn't make it run properly, though task manager shows that a new instance of it is running. I can't tell if the program isn't running for a purely innocent reason (maybe one of the files or folders combofix deleted had an effect on it?), or if something is actively preventing it from running (I've given it permission in Ad-Aware's firewall, and even when Ad-Aware is off it still doesn't run). Right now I'm trying an uninstall/reinstall on the program, but it isn't detecting the peripheral for some reason. The setup never times out when searching for it, so it's hard to say if the setup is just programmed like that or if it's actually freezing for some reason while searching.

EDIT: Never mind, got the program reinstalled. Needed an odd combination of windows installation AND proprietary setup to get working. Oddly enough, though, I still can't get an internet connection despite the system tray telling me that I have a working wireless connection. Plus, even now, the Netgear program doesn't run--and I get the feeling that the system tray will stop thinking I have a connection if I reboot. Definitely something strange going on.

Incidentally, I was checking the task manager and I noticed a couple of odd programs running: one is "NDP20SP2-KB2539631-x86.exe", which sounds like it has something to do with windows updating, and the other is "HotFixInstaller.exe". No idea about that one. Google results leave me pessimistic about it, though.

2nd Edit: The computer just asked to reboot for updates, so I'm guessing that's what NDP was all about. While it was rebooting though, the computer had trouble closing something called "Netsession Hidden Window" and gave me the whole End Task/Cancel routine. What was that all about?

3rd Edit: Both wired and wireless internet stopped working, so I left the computer hard-plugged in and booted in safe mode with networking, and the net started working. So, something that boots in normal windows is what's causing this. Whether it's a virus or some strange corrupted file or whatever is a mystery.

Part bump, part update: I decided to try using System Restore to set the computer back about a month, but after the computer finished rebooting I got a message saying that the computer could not be restored to that date and that no changes were made. There was definitely a working restore point on that day, so I have no idea what happened. Frankly, I didn't even know System Restore could be interrupted.

To reestablish the computer's issues, it can't connect to the internet outside of safe mode, and automatic updates don't run (although the computer doesn't yell about them anymore). Well actually, they try to run when the computer is shut down, but they tend to stall a few updates in.

Sounds like it couldn't find anything wrong. Despite what it says though, I can't connect to yahoo or google.

Also, after System Restore failed, I went back to try again and found that the restore dates before last week had all disappeared. The computer's problems began last week, so I have a sinking feeling that restoring to the (now) earliest date won't solve anything.

Sorry to say this, but my dad's decided to just wipe the hard drive and reinstall windows from scratch. He's backed up all of his important files, so at least he's covered on that front. I'm sure we could've resolved this with a little more time, but so it goes.